
SoylentNews is people

posted by martyb on Friday December 13 2019, @03:11PM
from the https://xkcd.com/936/ dept.

49% of workers, when forced to update their password, reuse the same one with just a minor change:

A survey of 200 people conducted by security outfit HYPR has some alarming findings.

For instance, not only did 72% of users admit that they reused the same passwords in their personal life, but also 49% admitted that when forced to update their passwords in the workplace they reused the same one with a minor change.

Furthermore, many users were clearly relying upon their puny human memory to remember passwords (42% in the office, 35% in their personal lives) rather than something more reliable. This, no doubt, feeds users' tendency to choose weak, easy-to-crack passwords as well as reusing old passwords or making minor changes to existing ones.

What is so bad about changing "Password1" to "Password2"?


  • (Score: 2) by Rupert Pupnick (7277) on Friday December 13 2019, @05:35PM (#931765)

    But if the password is already "strong" to begin with, what's wrong with a small incremental change as an update?

  • (Score: 2) by maxwell demon (1608) on Friday December 13 2019, @08:31PM (#931819)

    Exactly. I've long used a strong password, and a small variant part at the end. Until they started to test similarity with the previous password. Since it came unexpectedly, and I hadn't much time to think about and memorize it, my next password was considerably weaker.

    And no, a password manager is no option for the login password.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 2) by toddestan (4982) on Friday December 13 2019, @11:44PM (#931867)

    If the password is strong and secure, then there really is no reason to have to change it.

    If the password has been compromised somehow - the malicious actor trying to get in might be able to guess/figure out your small change and still gain access. The whole point of these password change policies is to defend against scenarios where the password has been compromised somehow but that fact is not yet known. A small, easy to guess change completely defeats the purpose of that policy.

  • (Score: 2) by RS3 (6367) on Saturday December 14 2019, @12:08AM (#931875)

    This answer applies to the many comments I got, but don't want to pepper all the answers:

    I was referring to the literal password "Password1". I'm pretty sure the hackorz try those exact things first.

    Otherwise, I certainly agree: a 1-character change to an already "strong" password is a great option, resulting in an equally strong password.
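
The similarity test against the previous password that the comments above mention can be sketched as follows. This is an added example, not code from the article or from any commenter; the function names and the `min_distance=4` threshold are assumptions. It relies on the change form asking for the current password, since a stored hash cannot be compared for similarity.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def base_form(pw: str) -> str:
    """Lower-case and strip leading/trailing digits and punctuation,
    i.e. the 'counter' part that users typically bump on rotation."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

def too_similar(old: str, new: str, min_distance: int = 4) -> bool:
    """Reject a new password that is a minor variation of the old one.
    min_distance is an assumed policy value, not a standard."""
    old_base, new_base = base_form(old), base_form(new)
    # Same word with a different counter or decoration around it.
    if old_base and old_base == new_base:
        return True
    # Otherwise fall back to raw character-level distance.
    return edit_distance(old, new) < min_distance

if __name__ == "__main__":
    # Constructed sample pairs (old, new) for illustration only.
    pairs = [
        ("Password1", "Password2"),
        ("2019Summer!", "Summer2020!"),
        ("Tr0ub4dor&3", "Tr0ub4dor&4"),
        ("correct horse battery staple", "violet-Lamp-orbit-79-canal"),
    ]
    for old, new in pairs:
        verdict = "reject" if too_similar(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```
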